
Trojan horse virus


Good evening,

I know that several members have already told you about this same virus, but none of your solutions solved my problem. I think you already know this virus very well, and I hope that with your help it will go away, because for some time now it has really been getting on my nerves.

Tell me what to do and I will follow your instructions to the letter ;)


Thanks in advance!

FYI: I have Symantec Antivirus, which I believe has detected the virus, as well as IE and Mozilla.


Thanks for your quick reply, I'll do that right away!


Here it is:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:56, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\servicestub.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Symantec AntiVirus\VPC32.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [servicestub.exe] C:\WINDOWS\servicestub.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7641 bytes

Re,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

    ComboFix 08-01-09.2 - Administrateur 2008-01-17 19:48:34.1 - NTFSx86
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\mrofinu1148.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:45 . 2008-01-17 19:45 42,941 --a------ C:\Documents and Settings\Administrateur\rqswxq.exe
    2008-01-17 19:41 . 2008-01-17 19:41 42,941 --a------ C:\Documents and Settings\Administrateur\huqlqp.exe
    2008-01-17 19:36 . 2008-01-17 19:36 42,941 --a------ C:\Documents and Settings\Administrateur\qyjdos.exe
    2008-01-17 19:32 . 2008-01-17 19:32 42,941 --a------ C:\Documents and Settings\Administrateur\fnhokv.exe
    2008-01-17 19:27 . 2008-01-17 19:27 42,941 --a------ C:\Documents and Settings\Administrateur\fmwqfu.exe
    2008-01-17 19:23 . 2008-01-17 19:23 42,941 --a------ C:\Documents and Settings\Administrateur\rkblra.exe
    2008-01-17 19:19 . 2008-01-17 19:19 42,941 --a------ C:\Documents and Settings\Administrateur\mhyqlf.exe
    2008-01-17 19:15 . 2008-01-17 19:15 42,941 --a------ C:\Documents and Settings\Administrateur\ekjcto.exe
    2008-01-17 19:11 . 2008-01-17 19:11 42,941 --a------ C:\Documents and Settings\Administrateur\tklakp.exe
    2008-01-17 19:07 . 2008-01-17 19:07 42,941 --a------ C:\Documents and Settings\Administrateur\wxdawm.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 19:02 . 2008-01-17 19:02 42,941 --a------ C:\Documents and Settings\Administrateur\escbuh.exe
    2008-01-17 18:58 . 2008-01-17 18:58 42,941 --a------ C:\Documents and Settings\Administrateur\enektu.exe
    2008-01-17 18:54 . 2008-01-17 18:54 42,941 --a------ C:\Documents and Settings\Administrateur\oqjsxu.exe
    2008-01-17 18:50 . 2008-01-17 18:50 42,941 --a------ C:\Documents and Settings\Administrateur\anrgnh.exe
    2008-01-17 18:46 . 2008-01-17 18:46 42,941 --a------ C:\Documents and Settings\Administrateur\atcqyf.exe
    2008-01-17 18:42 . 2008-01-17 18:42 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
    2008-01-17 18:42 . 2008-01-17 18:42 42,941 --a------ C:\Documents and Settings\Administrateur\zhdzeh.exe
    2008-01-17 18:29 . 2008-01-17 18:29 36,864 --a------ C:\WINDOWS\17PHolmes1148.exe
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 18:21 . 2008-01-17 18:21 36,864 --a------ C:\WINDOWS\mrofinu1148.exe.tmp
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-16 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-17 18:46 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-17 17:42 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-17 17:42 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-17 17:42 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-11-17 00:33 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
    "servicestub.exe"="C:\WINDOWS\servicestub.exe" [2008-01-17 18:42 42941]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 19:53:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 19:54:40
    ComboFix-quarantined-files.txt 2008-01-17 18:54:36

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Documents and Settings\Administrateur\rqswxq.exe
    C:\Documents and Settings\Administrateur\huqlqp.exe
    C:\Documents and Settings\Administrateur\qyjdos.exe
    C:\Documents and Settings\Administrateur\fnhokv.exe
    C:\Documents and Settings\Administrateur\fmwqfu.exe
    C:\Documents and Settings\Administrateur\rkblra.exe
    C:\Documents and Settings\Administrateur\mhyqlf.exe
    C:\Documents and Settings\Administrateur\ekjcto.exe
    C:\Documents and Settings\Administrateur\tklakp.exe
    C:\Documents and Settings\Administrateur\wxdawm.exe
    C:\WINDOWS\servicestub.exe
    C:\Documents and Settings\Administrateur\zhdzeh.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\WINDOWS\mrofinu1148.exe.tmp

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "servicestub.exe"=-


    Open Notepad, then paste (Ctrl+V) the text you copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.

    ComboFix 08-01-09.2 - Administrateur 2008-01-17 20:35:44.2 - NTFSx86
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: D:\CFScript.txt..txt

    FILE
    C:\Documents and Settings\Administrateur\ekjcto.exe
    C:\Documents and Settings\Administrateur\fmwqfu.exe
    C:\Documents and Settings\Administrateur\fnhokv.exe
    C:\Documents and Settings\Administrateur\huqlqp.exe
    C:\Documents and Settings\Administrateur\mhyqlf.exe
    C:\Documents and Settings\Administrateur\qyjdos.exe
    C:\Documents and Settings\Administrateur\rkblra.exe
    C:\Documents and Settings\Administrateur\rqswxq.exe
    C:\Documents and Settings\Administrateur\tklakp.exe
    C:\Documents and Settings\Administrateur\wxdawm.exe
    C:\Documents and Settings\Administrateur\zhdzeh.exe
    C:\WINDOWS\17PHolmes1148.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\servicestub.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\ekjcto.exe
    C:\Documents and Settings\Administrateur\fmwqfu.exe
    C:\Documents and Settings\Administrateur\fnhokv.exe
    C:\Documents and Settings\Administrateur\huqlqp.exe
    C:\Documents and Settings\Administrateur\mhyqlf.exe
    C:\Documents and Settings\Administrateur\qyjdos.exe
    C:\Documents and Settings\Administrateur\rkblra.exe
    C:\Documents and Settings\Administrateur\rqswxq.exe
    C:\Documents and Settings\Administrateur\tklakp.exe
    C:\Documents and Settings\Administrateur\wxdawm.exe
    C:\Documents and Settings\Administrateur\zhdzeh.exe
    C:\WINDOWS\mrofinu1148.exe.tmp
    C:\WINDOWS\servicestub.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 20:36 . 2008-01-17 20:36 42,941 --a------ C:\Documents and Settings\Administrateur\rtiewd.exe
    2008-01-17 20:31 . 2008-01-17 20:31 42,941 --a------ C:\Documents and Settings\Administrateur\xtnrlu.exe
    2008-01-17 20:27 . 2008-01-17 20:27 42,941 --a------ C:\Documents and Settings\Administrateur\cpwoyb.exe
    2008-01-17 20:23 . 2008-01-17 20:23 42,941 --a------ C:\Documents and Settings\Administrateur\huuwbc.exe
    2008-01-17 20:19 . 2008-01-17 20:19 42,941 --a------ C:\Documents and Settings\Administrateur\wueutv.exe
    2008-01-17 20:15 . 2008-01-17 20:15 42,941 --a------ C:\Documents and Settings\Administrateur\bdxiky.exe
    2008-01-17 20:11 . 2008-01-17 20:11 42,941 --a------ C:\Documents and Settings\Administrateur\ixpwcr.exe
    2008-01-17 19:59 . 2008-01-17 19:59 42,941 --a------ C:\Documents and Settings\Administrateur\zdurje.exe
    2008-01-17 19:57 . 2008-01-17 19:57 42,941 --a------ C:\Documents and Settings\Administrateur\kizmpj.exe
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 19:02 . 2008-01-17 19:02 42,941 --a------ C:\Documents and Settings\Administrateur\escbuh.exe
    2008-01-17 18:58 . 2008-01-17 18:58 42,941 --a------ C:\Documents and Settings\Administrateur\enektu.exe
    2008-01-17 18:54 . 2008-01-17 18:54 42,941 --a------ C:\Documents and Settings\Administrateur\oqjsxu.exe
    2008-01-17 18:50 . 2008-01-17 18:50 42,941 --a------ C:\Documents and Settings\Administrateur\anrgnh.exe
    2008-01-17 18:46 . 2008-01-17 18:46 42,941 --a------ C:\Documents and Settings\Administrateur\atcqyf.exe
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-16 21:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ
    2007-12-18 08:28 . 2007-12-18 08:28 268 --ah----- C:\sqmdata11.sqm
    2007-12-18 08:28 . 2007-12-18 08:28 244 --ah----- C:\sqmnoopt11.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-17 19:16 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-17 17:42 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-17 17:42 359,040 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-17 17:42 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-11-17 00:33 --------- d-----w C:\Program Files\Windows Media Connect 2
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-17 19:35:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-17 19:35:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-17 19:35:08 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-17 19:35:08 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-17 19:35:10 5,144,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-17 19:35:11 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    *Newly Created Service* - PROCEXP90
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-17 20:43:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-17 20:45:02
    ComboFix-quarantined-files.txt 2008-01-17 19:44:56
    ComboFix2.txt 2008-01-17 18:54:40

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:23, on 17/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7262 bytes

    Hello again,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Documents and Settings\Administrateur\rtiewd.exe
    C:\Documents and Settings\Administrateur\xtnrlu.exe
    C:\Documents and Settings\Administrateur\cpwoyb.exe
    C:\Documents and Settings\Administrateur\huuwbc.exe
    C:\Documents and Settings\Administrateur\wueutv.exe
    C:\Documents and Settings\Administrateur\bdxiky.exe
    C:\Documents and Settings\Administrateur\ixpwcr.exe
    C:\Documents and Settings\Administrateur\zdurje.exe
    C:\Documents and Settings\Administrateur\kizmpj.exe
    C:\Documents and Settings\Administrateur\escbuh.exe
    C:\Documents and Settings\Administrateur\enektu.exe
    C:\Documents and Settings\Administrateur\oqjsxu.exe
    C:\Documents and Settings\Administrateur\anrgnh.exe
    C:\Documents and Settings\Administrateur\atcqyf.exe


    Open Notepad, then paste (Ctrl+V) the text you copied earlier.
    Save this file as CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; press 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.

    ComboFix 08-01-09.2 - Administrateur 2008-01-18 16:23:32.3 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.46 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: D:\CFScript.txt..txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Administrateur\anrgnh.exe
    C:\Documents and Settings\Administrateur\atcqyf.exe
    C:\Documents and Settings\Administrateur\bdxiky.exe
    C:\Documents and Settings\Administrateur\cpwoyb.exe
    C:\Documents and Settings\Administrateur\enektu.exe
    C:\Documents and Settings\Administrateur\escbuh.exe
    C:\Documents and Settings\Administrateur\huuwbc.exe
    C:\Documents and Settings\Administrateur\ixpwcr.exe
    C:\Documents and Settings\Administrateur\kizmpj.exe
    C:\Documents and Settings\Administrateur\oqjsxu.exe
    C:\Documents and Settings\Administrateur\rtiewd.exe
    C:\Documents and Settings\Administrateur\wueutv.exe
    C:\Documents and Settings\Administrateur\xtnrlu.exe
    C:\Documents and Settings\Administrateur\zdurje.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\anrgnh.exe
    C:\Documents and Settings\Administrateur\atcqyf.exe
    C:\Documents and Settings\Administrateur\bdxiky.exe
    C:\Documents and Settings\Administrateur\cpwoyb.exe
    C:\Documents and Settings\Administrateur\enektu.exe
    C:\Documents and Settings\Administrateur\escbuh.exe
    C:\Documents and Settings\Administrateur\huuwbc.exe
    C:\Documents and Settings\Administrateur\ixpwcr.exe
    C:\Documents and Settings\Administrateur\kizmpj.exe
    C:\Documents and Settings\Administrateur\oqjsxu.exe
    C:\Documents and Settings\Administrateur\rtiewd.exe
    C:\Documents and Settings\Administrateur\wueutv.exe
    C:\Documents and Settings\Administrateur\xtnrlu.exe
    C:\Documents and Settings\Administrateur\zdurje.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 22:38 . 2008-01-17 22:38 42,941 --a------ C:\Documents and Settings\Administrateur\tqckjt.exe
    2008-01-17 22:33 . 2008-01-17 22:33 42,941 --a------ C:\Documents and Settings\Administrateur\kprfee.exe
    2008-01-17 22:29 . 2008-01-17 22:29 42,941 --a------ C:\Documents and Settings\Administrateur\fiaiwa.exe
    2008-01-17 22:25 . 2008-01-17 22:25 42,941 --a------ C:\Documents and Settings\Administrateur\vdhimg.exe
    2008-01-17 22:21 . 2008-01-17 22:21 42,941 --a------ C:\Documents and Settings\Administrateur\kchixe.exe
    2008-01-17 22:17 . 2008-01-17 22:17 42,941 --a------ C:\Documents and Settings\Administrateur\kvvgvq.exe
    2008-01-17 22:12 . 2008-01-17 22:12 42,941 --a------ C:\Documents and Settings\Administrateur\mplmqv.exe
    2008-01-17 22:08 . 2008-01-17 22:08 42,941 --a------ C:\Documents and Settings\Administrateur\svcicd.exe
    2008-01-17 22:04 . 2008-01-17 22:04 42,941 --a------ C:\Documents and Settings\Administrateur\kcsibv.exe
    2008-01-17 22:00 . 2008-01-17 22:00 42,941 --a------ C:\Documents and Settings\Administrateur\regtom.exe
    2008-01-17 21:56 . 2008-01-17 21:56 42,941 --a------ C:\Documents and Settings\Administrateur\wubsfw.exe
    2008-01-17 21:52 . 2008-01-17 21:52 42,941 --a------ C:\Documents and Settings\Administrateur\tzllsc.exe
    2008-01-17 21:47 . 2008-01-17 21:47 42,941 --a------ C:\Documents and Settings\Administrateur\dpbdcw.exe
    2008-01-17 21:43 . 2008-01-17 21:43 42,941 --a------ C:\Documents and Settings\Administrateur\labrzo.exe
    2008-01-17 21:39 . 2008-01-17 21:39 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-17 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ
    2007-12-18 08:28 . 2007-12-18 08:28 268 --ah----- C:\sqmdata11.sqm
    2007-12-18 08:28 . 2007-12-18 08:28 244 --ah----- C:\sqmnoopt11.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-18 15:21 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-18 11:26 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-18 11:26 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-17 17:42 359,040 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-18 15:23:09 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-18 15:23:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-18 15:23:09 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-18 15:23:09 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-18 15:23:09 5,144,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-18 15:23:09 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-17 17:42:45 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    + 2008-01-18 11:26:26 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    - 2008-01-17 17:42:45 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    + 2008-01-18 11:26:26 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
    "servicestub.exe"="C:\WINDOWS\servicestub.exe" [2008-01-17 21:39 42941]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 16:26:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-18 16:27:31
    ComboFix-quarantined-files.txt 2008-01-18 15:27:28
    ComboFix2.txt 2008-01-17 19:45:03
    ComboFix3.txt 2008-01-17 18:54:40

    Strange.

    Re,

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Documents and Settings\Administrateur\tqckjt.exe
    C:\Documents and Settings\Administrateur\kprfee.exe
    C:\Documents and Settings\Administrateur\fiaiwa.exe
    C:\Documents and Settings\Administrateur\vdhimg.exe
    C:\Documents and Settings\Administrateur\kchixe.exe
    C:\Documents and Settings\Administrateur\kvvgvq.exe
    C:\Documents and Settings\Administrateur\mplmqv.exe
    C:\Documents and Settings\Administrateur\svcicd.exe
    C:\Documents and Settings\Administrateur\kcsibv.exe
    C:\Documents and Settings\Administrateur\regtom.exe
    C:\Documents and Settings\Administrateur\wubsfw.exe
    C:\Documents and Settings\Administrateur\tzllsc.exe
    C:\Documents and Settings\Administrateur\dpbdcw.exe
    C:\Documents and Settings\Administrateur\labrzo.exe
    C:\WINDOWS\servicestub.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "servicestub.exe"=-


    Open Notepad, then paste (Ctrl+V) the text you copied earlier.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe as shown below:


    This will relaunch Combofix; type 1, then confirm. After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
    NOTE: If there is no restart, post the requested reports anyway.

    What is it that's strange? Can you clarify for me?

    ComboFix 08-01-09.2 - Administrateur 2008-01-18 17:55:09.4 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.31 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: and Settings\Administrateur\Bureau\ComboFix.exe D:\CFScript.txt..txt
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-17 22:38 . 2008-01-17 22:38 42,941 --a------ C:\Documents and Settings\Administrateur\tqckjt.exe
    2008-01-17 22:33 . 2008-01-17 22:33 42,941 --a------ C:\Documents and Settings\Administrateur\kprfee.exe
    2008-01-17 22:29 . 2008-01-17 22:29 42,941 --a------ C:\Documents and Settings\Administrateur\fiaiwa.exe
    2008-01-17 22:25 . 2008-01-17 22:25 42,941 --a------ C:\Documents and Settings\Administrateur\vdhimg.exe
    2008-01-17 22:21 . 2008-01-17 22:21 42,941 --a------ C:\Documents and Settings\Administrateur\kchixe.exe
    2008-01-17 22:17 . 2008-01-17 22:17 42,941 --a------ C:\Documents and Settings\Administrateur\kvvgvq.exe
    2008-01-17 22:12 . 2008-01-17 22:12 42,941 --a------ C:\Documents and Settings\Administrateur\mplmqv.exe
    2008-01-17 22:08 . 2008-01-17 22:08 42,941 --a------ C:\Documents and Settings\Administrateur\svcicd.exe
    2008-01-17 22:04 . 2008-01-17 22:04 42,941 --a------ C:\Documents and Settings\Administrateur\kcsibv.exe
    2008-01-17 22:00 . 2008-01-17 22:00 42,941 --a------ C:\Documents and Settings\Administrateur\regtom.exe
    2008-01-17 21:56 . 2008-01-17 21:56 42,941 --a------ C:\Documents and Settings\Administrateur\wubsfw.exe
    2008-01-17 21:52 . 2008-01-17 21:52 42,941 --a------ C:\Documents and Settings\Administrateur\tzllsc.exe
    2008-01-17 21:47 . 2008-01-17 21:47 42,941 --a------ C:\Documents and Settings\Administrateur\dpbdcw.exe
    2008-01-17 21:43 . 2008-01-17 21:43 42,941 --a------ C:\Documents and Settings\Administrateur\labrzo.exe
    2008-01-17 21:39 . 2008-01-17 21:39 42,941 -r-hs---- C:\WINDOWS\servicestub.exe
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 18:24 . 2008-01-17 18:24 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-17 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ
    2007-12-18 08:28 . 2007-12-18 08:28 268 --ah----- C:\sqmdata11.sqm
    2007-12-18 08:28 . 2007-12-18 08:28 244 --ah----- C:\sqmnoopt11.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-18 16:53 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-18 11:26 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-18 11:26 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-17 17:42 359,040 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-18 16:54:59 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-18 16:55:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-18 16:55:00 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-18 16:55:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-18 16:55:00 5,144,576 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-18 16:55:00 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-17 17:42:45 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    + 2008-01-18 11:26:26 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    - 2008-01-17 17:42:45 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    + 2008-01-18 11:26:26 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]
    "servicestub.exe"="C:\WINDOWS\servicestub.exe" [2008-01-17 21:39 42941]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-18 17:57:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-18 17:59:59
    ComboFix-quarantined-files.txt 2008-01-18 16:59:54
    ComboFix2.txt 2008-01-18 15:27:32
    ComboFix3.txt 2008-01-17 19:45:03
    ComboFix4.txt 2008-01-17 18:54:40




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:54:01, on 18/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\servicestub.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKLM\..\Run: [servicestub.exe] C:\WINDOWS\servicestub.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7295 bytes

    ComboFix 08-01-09.2 - Administrateur 2008-01-19 19:09:31.5 - NTFSx86
    Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
    Command switches used :: C:\CFScript.txt
    * Created a new restore point

    FILE
    C:\Documents and Settings\Administrateur\dpbdcw.exe
    C:\Documents and Settings\Administrateur\fiaiwa.exe
    C:\Documents and Settings\Administrateur\kchixe.exe
    C:\Documents and Settings\Administrateur\kcsibv.exe
    C:\Documents and Settings\Administrateur\kprfee.exe
    C:\Documents and Settings\Administrateur\kvvgvq.exe
    C:\Documents and Settings\Administrateur\labrzo.exe
    C:\Documents and Settings\Administrateur\mplmqv.exe
    C:\Documents and Settings\Administrateur\regtom.exe
    C:\Documents and Settings\Administrateur\svcicd.exe
    C:\Documents and Settings\Administrateur\tqckjt.exe
    C:\Documents and Settings\Administrateur\tzllsc.exe
    C:\Documents and Settings\Administrateur\vdhimg.exe
    C:\Documents and Settings\Administrateur\wubsfw.exe
    C:\WINDOWS\servicestub.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur\dpbdcw.exe
    C:\Documents and Settings\Administrateur\fiaiwa.exe
    C:\Documents and Settings\Administrateur\kchixe.exe
    C:\Documents and Settings\Administrateur\kcsibv.exe
    C:\Documents and Settings\Administrateur\kprfee.exe
    C:\Documents and Settings\Administrateur\kvvgvq.exe
    C:\Documents and Settings\Administrateur\labrzo.exe
    C:\Documents and Settings\Administrateur\mplmqv.exe
    C:\Documents and Settings\Administrateur\regtom.exe
    C:\Documents and Settings\Administrateur\svcicd.exe
    C:\Documents and Settings\Administrateur\tqckjt.exe
    C:\Documents and Settings\Administrateur\tzllsc.exe
    C:\Documents and Settings\Administrateur\vdhimg.exe
    C:\Documents and Settings\Administrateur\wubsfw.exe
    C:\WINDOWS\servicestub.exe
    C:\WINDOWS\W0034_jpg.zip

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2007-12-19 to 2008-01-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-01-18 18:13 . 2008-01-18 18:13 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
    2008-01-17 19:47 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2008-01-17 19:05 . 2008-01-17 19:05 <REP> d-------- C:\Program Files\Trend Micro
    2008-01-17 18:24 . 2008-01-18 22:39 8,192 --ahs---- C:\WINDOWS\Thumbs.db
    2008-01-17 09:49 . 2008-01-17 09:49 268 --ah----- C:\sqmdata19.sqm
    2008-01-17 09:49 . 2008-01-17 09:49 244 --ah----- C:\sqmnoopt19.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 268 --ah----- C:\sqmdata18.sqm
    2008-01-16 22:37 . 2008-01-16 22:37 244 --ah----- C:\sqmnoopt18.sqm
    2008-01-08 00:36 . 2004-08-16 21:00 116,736 --a------ C:\WINDOWS\system32\CNMLM6f.DLL
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
    2008-01-08 00:36 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
    2008-01-08 00:36 . 2004-08-16 21:00 7,680 --a------ C:\WINDOWS\system32\CNMVS6f.DLL
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
    2008-01-08 00:35 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2008-01-08 00:06 . 2008-01-08 00:06 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
    2008-01-08 00:06 . 2008-01-08 00:06 532 --a------ C:\WINDOWS\MAXLINK.INI
    2008-01-08 00:03 . 2008-01-08 00:03 <REP> d-------- C:\Program Files\ScanSoft
    2008-01-08 00:03 . 2008-01-08 00:06 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
    2008-01-07 23:59 . 2008-01-07 23:59 <REP> d-------- C:\Program Files\ArcSoft
    2008-01-07 23:59 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
    2008-01-07 23:50 . 2008-01-08 00:32 <REP> d-------- C:\Program Files\Canon
    2008-01-06 22:29 . 2008-01-06 22:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Samsung
    2008-01-06 21:59 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
    2008-01-06 21:58 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
    2008-01-06 21:58 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
    2008-01-06 21:58 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
    2008-01-06 21:58 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
    2008-01-06 21:57 . 2008-01-06 21:58 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
    2008-01-06 21:57 . 2005-08-30 17:59 94,000 --a------ C:\WINDOWS\system32\drivers\ss_mdm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 58,320 --a------ C:\WINDOWS\system32\drivers\ss_bus.sys
    2008-01-06 21:57 . 2005-08-30 17:58 8,304 --a------ C:\WINDOWS\system32\drivers\ss_mdfl.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cmnt.sys
    2008-01-06 21:57 . 2005-08-30 17:58 6,144 --a------ C:\WINDOWS\system32\drivers\ss_cm.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_whnt.sys
    2008-01-06 21:57 . 2005-08-30 17:57 5,808 --a------ C:\WINDOWS\system32\drivers\ss_wh.sys
    2008-01-06 21:56 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
    2008-01-06 21:56 . 2005-08-28 20:51 766 --a------ C:\WINDOWS\system32\Uninstall.ico
    2008-01-06 21:55 . 2008-01-06 21:55 <REP> d-------- C:\Program Files\Samsung
    2008-01-06 20:45 . 2008-01-16 11:33 230,424 --a------ C:\img2-001.raw
    2008-01-02 18:56 . 2008-01-18 23:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
    2008-01-02 18:40 . 2008-01-02 18:40 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-02 12:40 . 2008-01-02 12:40 268 --ah----- C:\sqmdata17.sqm
    2008-01-02 12:40 . 2008-01-02 12:40 244 --ah----- C:\sqmnoopt17.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 280 --ah----- C:\sqmdata16.sqm
    2008-01-02 11:36 . 2008-01-02 11:36 244 --ah----- C:\sqmnoopt16.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 280 --ah----- C:\sqmdata15.sqm
    2008-01-02 11:32 . 2008-01-02 11:32 244 --ah----- C:\sqmnoopt15.sqm
    2008-01-01 21:02 . 2006-03-01 18:37 217,088 -ra------ C:\WINDOWS\system32\drivers\sis163u.sys
    2008-01-01 21:02 . 2005-01-06 21:14 49,152 -ra------ C:\WINDOWS\system32\unwlsdrv.exe
    2008-01-01 20:59 . 2008-01-01 20:59 278,528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2008-01-01 20:59 . 2008-01-01 20:59 81,920 --a------ C:\WINDOWS\system32\W32N50.DLL
    2008-01-01 20:59 . 2008-01-01 20:59 17,134 --a------ C:\WINDOWS\system32\PCANDIS5.SYS
    2008-01-01 20:58 . 2008-01-01 20:59 <REP> d-------- C:\Program Files\Inventel
    2008-01-01 20:58 . 2005-02-03 10:51 225,280 --a------ C:\WINDOWS\OptChecker.exe
    2008-01-01 20:58 . 2005-02-03 10:51 159,744 --a------ C:\WINDOWS\OptRemove.exe
    2008-01-01 16:36 . 2008-01-01 16:36 244 --ah----- C:\sqmnoopt14.sqm
    2008-01-01 16:36 . 2008-01-01 16:36 232 --ah----- C:\sqmdata14.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 244 --ah----- C:\sqmnoopt12.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata13.sqm
    2008-01-01 15:27 . 2008-01-01 15:27 232 --ah----- C:\sqmdata12.sqm
    2007-12-26 20:29 . 2007-12-26 20:29 <REP> d-------- C:\Program Files\IVCsoft
    2007-12-26 20:04 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
    2007-12-26 20:04 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
    2007-12-26 20:03 . 2007-12-26 20:01 737,280 --a------ C:\WINDOWS\iun6002.exe
    2007-12-26 20:01 . 2007-12-26 20:07 <REP> d-------- C:\Program Files\Replay Converter
    2007-12-26 19:57 . 2007-12-26 20:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GetRightToGo
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2007-12-26 19:49 . 2007-12-26 19:49 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Eltima Software
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Fichiers communs\Eltima Shared
    2007-12-26 19:48 . 2007-12-26 19:48 <REP> d-------- C:\Program Files\Eltima Software
    2007-12-26 19:48 . 2007-12-02 14:14 3,345,408 --a------ C:\WINDOWS\system32\avcodec-51.dll
    2007-12-26 19:48 . 2007-12-02 14:14 448,512 --a------ C:\WINDOWS\system32\avformat-50.dll
    2007-12-26 19:48 . 2007-12-02 14:13 40,960 --a------ C:\WINDOWS\wavdest.ax
    2007-12-26 19:48 . 2007-12-02 14:14 19,968 --a------ C:\WINDOWS\system32\avutil-49.dll
    2007-12-26 19:35 . 2007-12-26 19:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\vlc
    2007-12-26 19:34 . 2007-12-26 19:34 <REP> d-------- C:\Program Files\VideoLAN
    2007-12-22 14:17 . 2007-12-22 14:17 <REP> d-------- C:\Program Files\VirtualDJ

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-01-19 18:08 --------- d-----w C:\Program Files\Symantec AntiVirus
    2008-01-19 11:16 46,080 ----a-w C:\WINDOWS\system32\ftp.exe
    2008-01-19 11:16 17,920 ----a-w C:\WINDOWS\system32\tftp.exe
    2008-01-17 17:42 359,040 ------w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-01-07 23:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-02 17:56 --------- d-----w C:\Program Files\Google
    2007-12-14 23:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    2007-12-13 16:18 --------- d-----w C:\Program Files\Microsoft Games
    2007-12-13 16:17 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-12-08 17:21 --------- d-----w C:\Program Files\blaxxun Contact
    2007-12-08 16:51 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\blaxxun interactive
    2007-12-08 16:50 --------- d-----w C:\Program Files\Simcity 3D 2.0
    2007-11-20 15:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PowerChallenge
    2007-03-09 08:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-01-17_19.54.17,34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    + 2008-01-19 18:08:52 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    + 2008-01-19 18:08:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
    - 2008-01-17 18:48:07 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    + 2008-01-19 18:08:52 1,228,800 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
    - 2008-01-17 18:48:07 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    + 2008-01-19 18:08:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
    - 2008-01-17 18:48:08 5,136,384 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    + 2008-01-19 18:08:54 5,152,768 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
    - 2008-01-17 18:48:08 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    + 2008-01-19 18:08:54 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
    - 2008-01-17 17:42:45 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    + 2008-01-19 11:16:42 46,080 -c--a-w C:\WINDOWS\system32\dllcache\ftp.exe
    - 2008-01-17 17:42:45 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    + 2008-01-19 11:16:42 17,920 -c--a-w C:\WINDOWS\system32\dllcache\tftp.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 15:22 1667584]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-02 18:56 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-03-31 14:38 66656]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-31 14:46 124128]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55 155648]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51 118784]
    "SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-06-10 10:54 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
    "OPSE reminder"="C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" [2003-07-07 10:30 729088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
    Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-02 18:56:12]

    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 18:37]
    S3 snpstd2;VideoCAM Look;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2004-07-28 10:49]
    S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
    S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
    S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab4532fc-7294-11dc-a020-000d561641f7}]
    \Shell\AutoRun\command - G:\start.exe
    \Shell\iledefrance\command - G:\start.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-01-19 19:13:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-01-19 19:15:22
    ComboFix-quarantined-files.txt 2008-01-19 18:15:18
    ComboFix2.txt 2008-01-18 17:00:00
    ComboFix3.txt 2008-01-18 15:27:32
    ComboFix4.txt 2008-01-17 19:45:03
    ComboFix5.txt 2008-01-17 18:54:40

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:59:36, on 19/01/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\vsnpstd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    --
    End of file - 7213 bytes
